Send WireGuard mailing list submissions to
wireguard@lists.zx2c4.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.zx2c4.com/mailman/listinfo/wireguard
or, via email, send a message with subject or body 'help' to
wireguard-request@lists.zx2c4.com
You can reach the person managing the list at
wireguard-owner@lists.zx2c4.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of WireGuard digest..."
Today's Topics:
1. MacOS client with local DNS resolver (Peter Baumgartner)
2. Request to change IPv4 preference - mobile apps (Will Tisdale)
3. WireGuard Android kernel module+gnirehtet? (steamport)
4. DNS on macos (Illule)
5. Deploy a wireguard on 2 raspberry pi to connect 2 remote lan
- Lan2Lan (Paulo Lopes)
----------------------------------------------------------------------
Message: 1
Date: Fri, 12 Apr 2019 12:07:28 -0600
From: Peter Baumgartner <pete@lincolnloop.com>
To: wireguard@lists.zx2c4.com
Subject: MacOS client with local DNS resolver
Message-ID:
<CAC6K9z=3D=xMwTBRf3sA_5=OKR2R8o6aRa3JedGxzxVEzn-+Bw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
I'm using the official Mac GUI client (version 0.0.20190409) and am
having troubles with DNS after connection. I use a local DNS resolver,
so I have my DNS manually set to 127.0.0.1 on the network interface:
$ scutil --dns | grep scoped -A50
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 127.0.0.1
if_index : 8 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00030002 (Reachable,Local Address,Directly Reachable Address)
Once I activate a Wireguard tunnel, the resolvers are updated to the
IP of my Wireguard server:
$ scutil --dns | grep scoped -A50
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 10.0.77.1
if_index : 8 (en0)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
resolver #2
nameserver[0] : 10.0.77.1
if_index : 19 (utun2)
flags : Scoped, Request A records
reach : 0x00000003 (Reachable,Transient Connection)
Setting `DNS = 127.0.0.1` on the [Interface] section for my client has
no effect.
How can I activate the tunnel, but keep my DNS resolver as 127.0.0.1?
------------------------------
Message: 2
Date: Sun, 14 Apr 2019 18:17:04 +0100
From: Will Tisdale <will@z3n.uk>
To: wireguard@lists.zx2c4.com
Subject: Request to change IPv4 preference - mobile apps
Message-ID:
<CAFWLA-XbDKtYHib8G2ujk7E+fsuPco9uX9NvPsu35Dd_HxVGyA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hello,
I sent a message to the list about weirdness with IPv4 being preferred
over IPv6 in the iOS app a few days ago, but it didn't get there for
whatever reason.
I've since done a bit of digging through the code and found that
preferring IPv4 is intentional, and it's also implemented that way on
the Android app too.
It seems a shame to hobble native IPv6 support for everyone just to
work around some people's misconfigured setups.
My suggestion/request would be to change the apps to prefer IPv6 as
default, but add a switch to the apps to disable IPv6 or prefer IPv4
for those with broken setups.
Does that seem reasonable?
Cheers,
-Will
------------------------------
Message: 3
Date: Thu, 18 Apr 2019 09:47:23 +0000
From: steamport <steamport@protonmail.com>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: WireGuard Android kernel module+gnirehtet?
Message-ID:
<EwYrrc-xpesfT0VwXUQnoXU-HHmFugo8Pj3MZu7o6nDNgazeJIegFKwyCNXABg4fBvsuTbTwAnEy52gaBLbzckHhOwUaFEFXOQggOQwGYPM=@protonmail.com>
Content-Type: text/plain; charset="utf-8"
Hey, it appears the WireGuard kernel module doesn't work on top of an Android VPN, even if it's a reverse tethering thing like gnirehtet.
Also sorry if this isn't the proper place to report/say this.
Sent with ProtonMail Secure Email.
------------------------------
Message: 4
Date: Tue, 30 Apr 2019 00:41:14 +0200
From: Illule <illule@ubstee.fr>
To: wireguard@lists.zx2c4.com
Subject: DNS on macos
Message-ID: <8D6A8B89-F86B-4899-92FB-BCA9D455D79C@ubstee.fr>
Content-Type: text/plain;
charset=utf-8
Hi,
On macOS the DNS set by WireGuard is used as secondary DNS:
sudo scutil --dns returns:
```
DNS configuration (for scoped queries)
resolver #1
search domain[0] : home
nameserver[0] : fe80::924d:4aff:feeb:2eb0%en0
nameserver[1] : 192.168.137.1
if_index : 8 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
nameserver[0] : 10.137.3.3
if_index : 17 (utun1)
flags : Scoped, Request A records
reach : 0x00000003 (Reachable,Transient Connection)
```
Is it wanted? I'd prefer to use my personal DNS as the main resolver. Moreover, Safari seems to be able to use it when a domain is not public, but not commands like dig.
Best regards,
Illule
------------------------------
Message: 5
Date: Wed, 1 May 2019 15:19:08 +0000
From: Paulo Lopes <plopes1960@hotmail.com>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Deploy a wireguard on 2 raspberry pi to connect 2 remote lan
- Lan2Lan
Message-ID:
<AM0PR08MB3522DC4AA812C933D8285AFCD43B0@AM0PR08MB3522.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Hi all!!!
First, let me thank you for the amazing VPN protocol that WireGuard is!!!!
I need your advice. As you can see in the attached picture, I have 2 Raspberry Pis: one as a VPN server and the other as a VPN client, to connect 2 remote LANs.
Can you point me to what I need to do if I want to replace OpenVPN with WireGuard?
I can connect the 2 RPis with WireGuard, but the other machines' IPs on the server and client side can't see each other.
With OpenVPN I needed to insert iroute and add a static route on both routers. What do I need to do with WireGuard?
Once again, many thanks for all the help you can give me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 43065884_1892102284211888_2227626938879442944_n.jpg
Type: image/jpeg
Size: 46732 bytes
Desc: 43065884_1892102284211888_2227626938879442944_n.jpg
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190501/43336e96/attachment.jpg>
------------------------------
End of WireGuard Digest, Vol 38, Issue 5
****************************************